Malwarebytes Labs reports that it’s discovered a new scareware campaign targeting iOS users. The campaign pushes a “free” VPN app called My Mobile Secure via rogue ads on popular Torrent sites.
According to Malwarebytes Labs, the page plays an ear-piercing beeping sound and claims the device is infected with viruses. Tapping the Remove Virus button opens the Apple App Store to download the app … and that’s when things go downhill.
According to the developer profile the company is a market research panel designed to understand the trends and behaviors of people using the mobile Internet. Malwarebytes Labs says this should be a red flag when applied to a VPN product, whose goal is to precisely anonymize your online activity by encrypting your data from your ISP, government, bad guys, etc.
When it comes to malicious adverts there’s a preconceived notion that malvertising mostly affects the Windows platform, and the bad guys seem to be taking advantage of that fact. But malvertising can produce different outcomes adapted to devices that a user is running. As this new campaign shows, if a user is running iOS, they are certainly at risk. Malwarebytes Labs has issued a full analysis of the scam on their blog.